General
-
Target
bebd42347ffb13728ff375b40b9d9752f5f66ea7e27b53daa3ec6ecf0bc7324b
-
Size
4.1MB
-
Sample
230204-kv5a9sch97
-
MD5
f77d27a82b832fb26c46c52633ab7467
-
SHA1
4ab6476d985c57c6982273542c5e4a51ab110fb4
-
SHA256
bebd42347ffb13728ff375b40b9d9752f5f66ea7e27b53daa3ec6ecf0bc7324b
-
SHA512
1ed0591b86c2a68e77c4a012096e14d62344302dd58d7f2034718005a140797ba0173f6ce6ccd64f71765e7ea3d7232d7ebdc0645b99df7ebc94f7f414a1b4e1
-
SSDEEP
98304:6naglCFcZHa/NtE1dYNUIFFBMEII15m4WNmsZngw3i:6nag0q2tEHSUIFFHgPngd
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-